skills/mem0ai/mem0/mem0-codex/Gen Agent Trust Hub

mem0-codex

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill defines a legitimate protocol for managing persistent memory using specialized MCP tools (search_memories, add_memory, etc.).
  • [DATA_EXPOSURE]: The instructions suggest storing detailed information, including code snippets and file paths, in an external memory service (Mem0). This is the primary intended function of the skill and is documented for transparency.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8c) because it retrieves context from an external database that could theoretically be manipulated by an attacker to include malicious instructions.
      • Ingestion points: The search_memories and get_memories tools in SKILL.md are used to pull external data into the agent's context.
      • Boundary markers: The skill does not define specific delimiters or instructions to the agent to treat retrieved memories as untrusted data.
      • Capability inventory: The skill utilizes memory operations; it does not explicitly define arbitrary command execution or file system modification capabilities.
      • Sanitization: There is no mention of sanitizing or validating the content retrieved from the memory service before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 6, 2026, 07:43 AM